A WhatsApp spokesman said the attack was sophisticated and had all the hallmarks of a "private company working with governments on surveillance".

It said it was "deeply concerned about the abuse" of surveillance technology, and it believed human rights activists may have been the targets of the breach.

"We're working with human rights groups on learning as much as we can about who may have been impacted from their community. That's really where our highest concern is," a spokesman said.

Ireland's Data Protection Commission, the lead regulator of WhatsApp in the European Union, said in a statement the vulnerability "may have enabled a malicious actor to install unauthorised software and gain access to personal data on devices which have WhatsApp installed".

Claims of 'chilling attacks on human rights defenders'

Scott Storey, a senior lecturer in cyber security at Sheffield Hallam University, said the attack appeared to be carried out by governments targeting specific people, mainly human rights campaigners.

"For the average end user, it's not something to really worry about," he said, adding WhatsApp quickly fixed the vulnerability.

"Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies," it said.

Amnesty International, which has previously reported being targeted by the software, is currently supporting legal action that would compel the Israeli Ministry of Defence to revoke the export licence of NSO Group due to its "chilling attacks on human rights defenders around the world".

"NSO Group sells its products to governments who are known for outrageous human rights abuses, giving them the tools to track activists and critics," Danna Ingleton, deputy director of Amnesty Tech, said.